Business

I was recently introduced to Amartya Sen's Liberal Paradox and found it quite interesting. The Wikipedia page does an ok job explaining it, I liked this article more.

Sen’s liberal paradox is meant to demonstrate that when autonomous agents act with complete freedom, it is impossible for the agents to produce an outcome that is a net improvement to everyone. While this is not to argue for government intervention, it is to say that a pareto optimal improvement and libertarianism cannot coexist. In other words, the paradox shows us that the invisible hand of the marketplace is incapable of producing net improvements in welfare for a given society.

When you think about the domain industry in the context of the liberal paradox it makes sense why everyone is so unhappy.

One thing that constantly bothers me is how we give advice to other people and how people listen to our advice. I think we are generally predisposed to give our opinions and advice to others; whether it be for our own ego, genuine desire to help others, a social obligation or whatever else may drive us. The underlying reason is somewhat irrelevant to the point of this post.

The thing that bothers me most is when people give unqualified advice, which could vary from simply time wasting to harmful in terms of content.

I receive a few advertising offers on my websites every month and most simply want to buy a banner/link for whatever reason - traffic, sales, branding, seo, etc. Honestly I don't care about their intention as long as it doesn't ruin my user experience.

The worst offers are people trying to get me to signup for their affiliate program.

Here is an example:

Hi,

I am Harish from Allo.com; we develop cost-effective next generation high quality VOIP products, such as Digital Telephony Cards, PBX Systems, Next Generation IP Phones and Analog Telephone Adapters…

We are interested in advertising our products on [my site redacted].

Please let me know who I should talk to.

Regards,

What's wrong with this offer?

It's deceitful.

This looks like a normal advertising request to buy a banner/link. It's not. How do I know it's an affiliate offer?

Seriously? Now my downloaded software is going to spew ads at me and provide a crappier product?

Thank god for Libre Office.

This is a warning to at least one major domain company. I will be naming names Monday (April 25th) unless it gets fixed. This type of behavior puts customer information at risk and has been hacked before.

YOUR PASSWORDS AREN'T SECURELY STORED

They store passwords in plaintext or a system where they can get back to plaintext (which for all intents and purposes are the same).

What does that mean? It means instead of data being stored in the following format:

accountName | 5f4dcc3b5aa765d61d8327deb882cf99

It gets stored like this:

accountName | password

How do I know if my password is securely stored (as a customer)?

There is no way to tell for sure it isn't stored as plaintext. However, the most common giveaway is trying the password recovery system. If they email you your original password, they are storing it in plaintext. If they force you to generate a new password, they most likely are storing it in a hashed form and have to generate a new hash on your new password because neither of you knows your old password.

Why does this matter?

If they were ever broken into, your passwords are exposed and the attacker can simply read them. If they are encrypted, the attacker would have to decrypt them first, which takes an incredible amount of time (assuming they use Salt). Thus making it exceptionally difficult if not practically impossible to do anything with a hashed password.

Huh? what? I am lost...
Ok, here is a simple explanation of how logins work:

User visits website.

User types in account and password.

In a PLAINTEXT system, the computer matches user entered account:password combo with an account:password combo in a user database.

In an encrypted (secure) system, the computer hashes the password using an algorithm (such as MD5) to produce a hash ('password' after md5 encrypt becomes '5f4dcc3b5aa765d61d8327deb882cf99'). The computer then matches the hash to a stored hash in the database, if the hashes match, it is the correct password. Only your password will generate the same hash, but nobody with access to the database will ever know what your password is because it's stored as a hash.

UPDATE: I am not going to recommend MD5 after further reading, there are apparently stronger algorithms such as bcrypt and SHA-2 which will keep passwords more secure than MD5.

If you have any questions - as a company or as a customer - feel free to contact me and ask.

I published a post listing 24,000 available brandable domain names that anyone could register a couple days ago.

It was far more successful than I ever imagined receiving over 17,000 page views. Ranking 3rd on HackerNews frontpage and 2nd in a major subreddit with over 30,000 subscribers.

I wanted to go through the entire setup of the article, the marketing, the goals, the traffic, the results and conclusion.

This is in response to this article.

I think the original article hits some really important points about lock-ins and timeliness for most types of customers. However, the article misses the biggest reason why it's so hard to find a good registrar.

Registrar and Customer interests are NOT aligned.

We agree that the registrar business is a commodity for most people and treated as such. This causes a race to the bottom in pricing, service and other aspects. The problem this has created is: how do registrars earn more money?

Screwing domain registrants and keeping/selling/monetizing their domain names.

A incomplete list of the ways registrars do/have screw(ed) over domain registrants:

• Automatically parking domains on their own PPC, creating the potential for legal issues for the owner and collecting any income made.
• Creating barriers to domain transfers such as 'faulty' email systems (looking at you eNom - over 4 years and you still claim it's on my end, yet every transfer in from the same email address works perfectly)
• Keeping domains that expire for themselves
• Selling off expired domains without them going through the delete process (Pre-Release)
• Marking up Redemption Grace Period renewals (often hundreds of dollars)
• Spamming (hi intrustdomains.com)
• Upselling useless products/services (godaddy is the worst offender)
• No incentive to create good user interfaces once you've registered domains
• Non-existent support (looking at shell registrars used for drop catching)
• Domain Tasting
• Exposing whois queries
• Frontrunning (buying a domain as you go through the registration process before you actually purchase)

Registrars watched others make money in the domain name business but saw razor thin margins. The biggest problem in my opinion is expired domain names. They make pennies for each domain I register but can potentially make thousands for each domain I expire through pre-release partnerships and drop catching (mostly pre-release these days).

With those sort of incentives, it becomes obvious why there are no (or few) good registrars. It takes a special level of commitment and someone who truly cares about creating a service that's good for their customers.

Just read an article by Nathan Hammond complaining about their registration agreement.

Apparently they automatically park the domains, waive all liability and then don't share any of the PPC profit with their customers. The article emphasizes the race to the bottom we're seeing in this industry from service providers (with a few exceptions of course).

The interests of the registrars and their customers just simply aligned anymore. This type of behavior won't end until it's fixed.

I just read that Libyan Spider, a reseller for .ly has been suspended by it's hosting company for violating US/UN sanctions. This is posted on the front of their website:

March, 31. 2011

Dear LS clients,

Our servers have been shut down by softlayer.com

We are currently trying to resolve this issue. They believe we fall under the blocked list of the UN/US sanctions.
We are a private company run by ordinary citizens that have no affiliation with the government. We are currently trying to
resolve this issue as soon as possible. This is out of our hands until softlayer.com can reactivate our servers. Please contact
them too to show them that you too are affected by this shutdown. We really are sorry that this error of judgement has occurred.
It is a complete injustice to us. They shut us down without even checking to see if we fell under that category. We will release a statement shortly.

Please email us at support@libyanspider.com
We hope that this issue will be resolved soon.

Best regards,
Hadi Naser
CEO Libyan Spider, LLC.

So the interesting question becomes, what sort of extensions really are sensible for a company to use? Can you imagine that you're violating a UN sanction for buying your domain name from a country that is attacking it's own people?

This registry in particular has a history of questionable practices which have brought up the concern about what extension/registry/country you use for your domain name. Is this just another concern nobody conceived of until it happened?

It seems to me, sticking with the popular gTLDs (com/net/org, hell, I will even throw in info/biz for stability) is an even safer bet these days. Is that better sounding name from a foreign country really worth it?

To finish this the only way I can see appropriate, a little domain humor.

Beeth> Girls are like internet domain names, the ones I like are already taken.
honx> well, you can stil get one from a strange country :-P

Source: bash.org

I found this PDF about overfitting the S&P 500 pretty amusing. Creating a model to fit S&P 500 using Bangladeshi sheep. It's a fun anecdotal story but the ending really hits home. 95% confidence in the model means 1/20 models are bogus. That's a lot of junk models and it's somewhat scary to think that these statistical models are being used a lot for very important things.